So it isn't really Microsoft that can lock you out, it's the device manufacturer. Likewise they could lock you out of Windows if Linux was the OS that came with the computer. Why don't we see a headline like "How Linux Can Lock Windows Off PCs"? Oh right, this is slashdot. We're here to bash Microsoft.

Boot rootkits are a real problem. Microsoft is improving security here. In fact, Linux has had the capability to use (U)EFI for years. Now Microsoft is just making it default in their system, because quite frankly most people aren't that intelligent with computers and the OS needs to decide some security for them. It's funny how in other news Microsoft gets bashed for bad security, and then in other news they get bashed for implementing those security features.

If you don't get the key when buying your computer, complain to your manufacturer. It's their fault. I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money. And nowadays there's lots of computers available without Windows, or you can just build it yourself.

They don't have to be coaxed, it's in their best interests to lock it out from the purchaser. It's the same reason they lock you out of android phones. Installing your own OS is something they don't want you to do because they think it drives up support costs and makes their built in advertisements go away.

Now you're just talking shit. Microsoft was fined 15 years ago for making deals with manufacturers and were forbidden from doing so. They stopped. Manufacturers still offer Windows because that's what most people want, believe it or not. Everything works with Windows, especially if you're a gamer.

Maybe you're just ignorant. I've asked three computer stores in my area, and they all say that they are contractually obligated to install Windows on every PC they sell. I asked if I could buy one with no OS, or with another OS installed, and they said their Microsoft contract forbids it. That was this year, not 15 years ago.

There are no "Microsoft contracts" up here in Canada, certainly not with the individual shops as that would be a logistical nightmare to administer, even for MS. What does happen is skeevy shop owners like to sell an overpriced OS with every PC, because it's often the only profitable part of the deal on low-end machines. They make up these ominous sounding "contractual obligations", to which the alternative is to buy the PC unassembled with only a 30-day (in-store) warranty rather than the usual 1-to-3 year deal. A lot of customers don't know any better, so they fork over an extra $150-200 for an OEM license of W7HP.

With the big-box brands it's a bit different, because they love the preloading business. They still get paid to put bloatware on your machine - McAfee and MS Office trials - and of course they get a deep "volume" discount on the OS itself. There's still nothing that can legally force them to shove an OS down your throat, but since they don't list a price for an OEM license of the OS, nor many of the core components in the machine, they can argue that it's included in the base price, so there is no point in asking them to remove it since it's "free". They really could sell you a machine without Windows if they so wanted, and for larger corporate purchases you can specify that (or provide your own ghost image), but for the consumer stuff they would much rather sell you a preloaded PC that's ready for the average casual user. Just the support calls alone, from clueless users who bought a naked machine and don't know what to do with it, would be a PR nightmare and a huge cost sink. I've lost count of the times people bought naked machines from me, claiming they didn't need an OS, then returned a day later to buy the damn disc.

Think back a few years, when Dell briefly offered Linux-ready PCs. They cost more than the Windows-loaded versions of the same machines. Now you can run up and down with your conspiracy theories about MS bribes and whatnot, but the reality is that charging a little bit more for the Linux-ready variant ensured that the average Joe Random would buy the cheaper Windows one, even if the difference was only $30 or so, it's sufficient. This, in turn, probably saved them countless frustrating support calls from irate morons. Then a bit later they started preloading Ubuntu on there, to at least have the machine boot to an internet-ready OS.

I'm sick of hearing that crap. How do you vote with your feet if there is barely any choice in the so-called "marketplace"? And if you vote with your wallet, will that count against the votes of others whose wallets are rather thicker than yours?

All these "vote with" phrases make a mockery of democracy. Here is my suggestion: vote with your vote. I know, it's pretty damn bold.

The sad fact is, that microsoft was the great innovator in this space. IBM, who came before them, didn't allow any os but their own to use any hardware they produced, nor did they allow any competition on the hardware side of things. They were like apple's iphone business.

Microsoft is the reason that you can install alternative operating systems in the first place. Everyone else managed to blow themselves up, despite having a really strong opportunity. DR-DOS, Concurrent PC-DOS, CP/M, FreeDOS, PTS-DOS, ROM-DOS, Novell DOS, OpenDOS and I'm not even providing a full list here. Geos, PC/Geos, GeoWorks, MAC/OS, OS/2, Amiga/OS, BeOS, Iris, NextStep, RISC OS, Visi On... Microsoft openly competed with all of them and won, mostly on technical merit. Apple was one of the companies that used the courts to prevent alternative operating systems from becoming possible, and has always been openly hostile to competition. Along with that, Microsoft created the market for hardware innovations (my apologies to any lisp/c64/... machine addicts, but... even you know what I mean). You should give them credit for that, even if that credit mostly belongs to Bill Gates, and little claim can be laid to it by the current microsoft crew.

Microsoft is the canonical example of a company that faced lots and lots of competition and won mostly on technical merits.

Besides, I'm kinda starting to hate this anti-microsoft bashing. It's been years since I've used any form of windows on my own machines, or at work. There is no anti-competition behavior microsoft might be doing that apple isn't doing 10x worse. Compatibility with iWork? Just try it. Yet apple is not just forgiven for being anti-freedom, but actually revered for it. "A curated experience is better" and so on. And on apple machines, you really can't install the software you want, because there are actual, technical control measures in place that actually try to prevent it.

In this case, people are afraid of what microsoft *might* at some point, try to do. Great. Microsoft, today, isn't the problem. Apple is the big enemy of software freedom today. Microsoft is mostly becoming less free by imitating apple.

So please, let's shelve this discussion until apple has been broken up into a hardware business entirely separate from the software business. Including on the iPhone front.

Yes, IBM's enterprise machines, up until recently, let you run no alternative OS. But the IBM PC has been open from day one. You've always been allowed to run alternate OS'es on your PC. You thought Microsoft "let" you run alternate OS'es? They did not then, and do not now, own the PC HW architecture. It was IBM's openness that let you do this, not Microsoft's.

(IBM did try to keep some of the particulars of the BIOS secret to prevent PC clones, but it was swiftly reverse-engineered and IBM did not stop it, despite the long-demonstrated ability to have their lawyers crush the opposition.)

"IBM did try to keep some of the particulars of the BIOS secret to prevent PC clones, but it was swiftly reverse-engineered..."

That's not right. IBM published, in full, in the technical reference manual, the commented BIOS source code. It wasn't SECRET, it was COPYRIGHT.

The third-party BIOS'es were reverse engineered, by clean-room techniques where the authors never saw the IBM publication, but only the formal specification. The formal-specification team DID read the source.

Simple solution: let Windows "fix" the bootloader, then boot from a LiveCD and reinstall Grub. I don't think the behavior is willfully malicious either. Microsoft's installers have always assumed that Windows would be alone on a given system because, in an overwhelming number of use cases, they are. *nix users have long stood by the maxim "install Windows first, THEN $foonix" for that very reason.

The secure BIOS won't allow booting/installing of unsigned binaries. From the second linked article:

The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys.

So, we'll need to find a way to install keys that have been used to sign Linux installers (and kernels, apparently). Not sure how possible that is.

I also dual boot Win7 and Fedora on this Thinkpad and Grub is the one in the MBR. However, I haven't succeeded in getting SP1 to download and install. Until now I just figured, "That's just Windows" and didn't care since I only boot it when I'm doing the "well does this damned site even work on Win+IE?" test and that doesn't happen often anymore.

But I have been saying for a couple of years that while before Microsoft's future vision was to make the PC into an XBox that it changed recently. Now they are c

I ran into this same issue some months back. If I am not mistaken, all you have to do is make sure the "bootable" flag is toggled on the windows partition. You can even have more than one "bootable" partition, so don't worry about changing anything else.

It did take a while to find that fix however, and during the interim I cursed MS up and down:)

Why would you need to find a job? Make a good business plan or come up with an innovative idea, get some financial backing behind it and there's your success. That's what I meant with working hard, not some dead-end McDonalds job.

Oh, I'm sorry, I thought we were talking about reality here. You're right, everyone should just be an entrepreneur, what was I thinking?

There's nothing, absolutely nothing stopping you from trying so.

Well, except for that whole "lack of money" thing. Oh yeah, and a lack of time since you already work 2 full-time jobs just to continue living at a first world level. And the kids, yeah, we'll have our nanny take our kids off our hands for a few weeks while we hammer out a business plan and shop it around to investors (I mean, we all know venture capitalists, amirite?). If we blow off our annual trip to the Caribbean we should have enough to cover the mortgage and car payments for a month while we get our new business off the ground, and once the money from our business starts rolling in (it'll have to, there's no way a business could crash and burn!), we'll be on easy street!

You've been reading too much pro-Capitalism propaganda. It's a game, and the game is rigged...it has been for at least a hundred years.

Ah, the "I know a person that can do it, so that means everyone can" argument. I know it well, I hear it a lot when talking to people about the cyclical nature of poverty and wage slavery. "[Insert name here] made it out of the ghetto and became a multimillionaire, that means that everyone in the ghetto is there by their own choice!" "[Insert name here] started in the mail room and worked his way up to CEO, therefore everyone can do it if they really want it bad enough!"

The reason why that is notable is because of the extremely long odds they beat to get where they ended up. For every person that made that climb from entry level to CEO, there are 99,999 that never made it beyond entry level, not because they were necessarily any less qualified or driven, but because they just weren't in the right place at the right time. You think the best man for the job gets promoted in today's business world? LOL

For every person that is able to make it out of the ghetto and become successful, there are thousands more that try just as hard and don't make it. Once social services get severely curtailed, if not axed entirely, due to this carefully engineered economic crisis, even fewer people will be able to make it. Are they all lazy? I mean, it certainly sounds like that's what you're saying, 85% of people are lazy. Couldn't it be that they're trapped in a dead end job because they lack the resources required to go out and get a better one? That's even ignoring the health care aspect, you know, the people that are stuck in a shitty job because they need health insurance for their sick spouse or child, insurance they will lose when they change employers. What should they do? Throw caution to the wind and bet on "making it?" Those with money can afford to take risks, hell, we just got done handing trillions of dollars to banks to cover the losses of their speculation. Those working at Walmart can not, and even if they could, you think a bailout is waiting for them?

If you're unable to see how much of this game relies on luck then you're either blind or willfully ignorant.

Excuses are like butt holes. Everybody has them. "Oh my... I can't do X because of rich/capitalism/white man" BS. My next door neighbor is a single mother working two jobs and going to school to become a RN. She doesn't think working as a waitress is a good long term career option, so she is making the required changes in her life. Capitalism is all about how much you are willing to put into life. Period. Stop blaming society on your problems and do something about it. The USA is the great country it is, because of the entrepreneur spirit.

That's a delightful story up to the point where something outside her control goes wrong. Let her get sick and see how well that dream plays out. What sort of medical benefits package does a waitress going to nursing school have? All it takes is one such event and the "American Dream" can easily fall to pieces because the societal safety nets aren't sufficient to cover the sorts of problems that the majority of Americans run into. I truly wish that capitalism was all about how hard one is willing to work, but I'm not naive enough to think that's the case in reality.

Oh, and I wish your neighbor all the best, but considering that I know several nurses who have no trouble getting jobs but couldn't get a nursing job sufficient to pay for their student loans, I suspect her American Dream just might not have a happy ending, unless you count working two jobs (one of them as a nurse) to be success.

Why waste your time inventing conspiracy theories, when a very good reason to do this is obvious: Malware is a real problem, and this is a good measure to take against it.

No, this is a really, really BAD measure to take against it, just as locking down the Internet and requiring a national ID number to connect a device to it would be. With such a system you could lock up or even execute all the black hats and there would be no malware within a year, does that make it a GOOD solution because it's effective?

And yes I think that's a fair comparison, both ridiculously bad for the freedom of average citizens and the overall freedom of computing.

Then they get a device that doesn't require it. It's an OPTIONAL security addition

The article I read claimed that Microsoft might require this lockdown on all machines preloaded with Windows 8. The Network World article cites a Microsoft presentation with a slide stating that UEFI Secure Boot will be "Required for Windows 8 client".

In my opinion neither the title nor the article are overly sensational as claimed by you. While it is technically true that the device vendor does the lock out, this is nothing more than a smoke grenade tampering with the truth.

The fact is that Microsoft will require the manufacturers to support this technology if they want to sell devices on which windows will run. Even more the fact is, that this means that they will have to include keys by Microsoft which will prevent the device from running unsigned code like Linux.

And while it is still a rumor it can probably be taken as a fact that disabling this feature (if made possible by the manufacturers) will likely cause Windows to not start because this is what malicious software would do as well and allowing this would circumvent the security improvement.

So cut the crap. Yes, it will be the device manufacturers who will effectively bring this restriction into life. But it will be Microsoft who forces them to do so.

I'll be in the market for a new laptop soon, and I've already decided to use a thin Linux server install with a VMware installation, and just run any desktop, Microsoft, or "other" OS as a VM. That way I'm not having to screw with dual booting. Yes, I will have a bit of constant system overhead, but I'll have some serious flexibility and system security. This is the same strategy used on servers, yes?

Not an issue. It doesn't lock it to windows 8. It locks it to people who have the proper key to sign their executables. As only microsoft and the hardware maker will have this, microsoft can easily sign windows 9 so it will boot on this system.

This really doesn't require Microsoft to force it, it will happen anyway.

I have an HP machine of a certain age with a chip with perfectly good VM extensions that are locked out by the BIOS. They can't be enabled. Sony also did this on 'consumer' machines.

There's no good reason to lock it out. It saves them implementing one option in the BIOS setup and that's it. Frankly, there's no obvious reason why you would disable it at all, but hey.

So, Microsoft aside - and their decision, aside from possible and so-far unfounded concerns, is a technically sensible one - we will still see machines that are incapable of booting 3rd party OSes, and the support lines will simply say they're unsupported.

(Better still, this will encourage people to crack MS's install key. Criminals will want to anyway, but it's much more likely to happen if the wider hacking community puts its might behind it.)

Maybe I'm naive, but if I were a BIOS manufacturer, I would just have an option to "disable trusted boot" or "enable installation of new operating system" both with appropriate warnings about malware and lack of support....

Or, even better, have the BIOS provide a UI for key management. This way, before installing an OS, you need to go into the BIOS, install the new OS's bootloader key, and then fire it up. Ideally, this functionality should only be available from the ROM setup program before an OS is loaded, to make it more difficult (hopefully impossible) for malware to install its own keys programmatically.

If you don't get the key when buying your computer, complain to your manufacturer. It's their fault. I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway, you're just throwing away money.

What about those people who buy Windows now, because they don't know any better, but then learn about Linux, and want to install it on their then old computer several years from now? This is not only a plausible scenario for installing Linux on a computer which had Windows initially, but it is also a scenario where complaining to the manufacturer won't help: he may no longer be in business by then, or no longer have the keys for obsolete machines.

Oh, and another reason to buy a computer with Windows if you're going to install Linux anyways: maybe Microsoft is still so good at bribing most manufacturers that it is difficult to find computers of the desired spec without Windows.

Can you give a precise definition of "boot time rootkit" that does not include a competing operating system, along with a way for a computer to distinguish between the two? If I boot Linux and then run Windows in VirtualBox, is that a "boot time rootkit"?

Really? That's your complaint? You don't know that the vast majority of PCs currently being shipped, and expected to be shipped in at least the foreseeable future will come with Windows, and set up to MS guidelines? When the roles are reversed, and Linux is the majority player, driving how manufacturers configure their hardware (yea, right!), then you can complain that Windows is getting picked on.

I don't know why you're buying a computer with Windows to begin with if you're going to install Linux anyway,

Even if we ignore the new Linux installs, how about re-purposing an old PC, second hand PCs, corporate computers that are sold off for cheap, huge blocker for people wanting to migrate/test Linux and so on. Laptops pretty much all come with the OS preinstalled and the desktop market is dominated by OEMs. The volume of "virgin" hardware that's never been touched by Windows is just a few percent of the market (excluding Macs, but Apple might decide to do the same).

Australia has some interesting Trade Practices legislation that says it is illegal to bundle products together unless it is 'impossible to unbundle them'. This effectively means that Dell's policy of selling every workstation with a copy of Windows is illegal - unless it is impossible for Dell to sell a PC without Windows 7 - which (while untested in a court) is what Dell is saying.

The net effect is that you cannot buy a Dell PC without Windows. If you could, this would be Dell's admission that they were breaching Australian Trade Practices. Not sure who is more evil in this scenario, Aus govt or Dell... shall leave it to you to decide.

It's only "sensationalist" in the theoretical imaginary world where you focus purely on what the 'secure boot' sections of UEFI are capable of, and not at all on how the market can be expected to shake out...

Purely architecturally, the cryptographic mechanisms are vendor-agnostic. They could as easily be used to enforce the tyrannical rise of a BeOS monoculture! Except, of course, that there is zero likelihood of that ever happening....

There are two reasons for that. One is that hardware compatible with Linux might cost more. Case in point: In the dial-up era, winmodems were cheaper than modems with the full controller and DSP onboard. This was because they were glorified sound cards, and all the modem work was done by a driver specific to one operating system. A PC with a full hardware modem would cost more than a PC with a winmodem. Winmodem makers released a few drivers for specific Linux kernels, but there wasn't enough demand to get

Ok, so I was starting to write a rant disagreeing with you and pointing out some links so where I've seen Dell offer a Linux machine for cheaper...then I proved myself wrong. They give you the choice of two computers with lame specs for maybe 50 bucks cheaper than their Windows counterpart. WTF.

MS is thinking of REQUIRING any device maker that wants to use the windows logo on their product to secure the boot process so no other system can interfere with it, it is MS making these demands, not the device makers. No device maker cares about what you do with their product but MS cares about people installing another OS on hardware.

And if you think everyone who runs their own software can afford to buy a key from a registrar, you are just a dumb fuck Windows user trading security for freedom.

The solution, if Microsoft wants to be the non-Evil (if not actually "good") guys, would be to require UEFI secure boot AND require that the key be furnished to end users for logo compliance. If they're worried about social engineering, they can put it someplace where it won't stop anyone who's likely to care about Linux, but be a substantial barrier to clueless end users who'd be a danger to themselves and others if they had it. Say, a sticker on the motherboard (or, for laptops and factory-built PCs, unde

Isn't that an ad hominem though? He made an argument. Who he is doesn't affect the truth of the statements of the logic of the conclusions.

As for whether he actually is, a lot of us dislike the groupthink here and will typically only post when we feel that the initial post is rather too slanted. This will typically make some people come across as pro-MS because a lot of their posts simply disagree with those who are strongly anti-MS

It's amusing to see that a preference for Linux is fine, you can make any comment you like and no one bats an eyelid - but a preference for Microsoft is absolutely verboten, there is no one who could have a positive preference for Microsoft without them having to be paid by Microsoft for their efforts.

Exactly. We aren't supposed to boot other software on the Wii, XBox360, or Playstation. That doesn't stop us from doing it. In fact, they go through great lengths to ensure it doesn't happen, and it still does. Also, who cares if you can't boot Linux on a "Windows PC" with $25 ARM machines like Raspberry Pi coming out, I don't think we'll have much of a need to using the blessed Windows Logo machines for too long. Something majorly unexpected would have to happen for somebody to not be able to build thei

If you think they should be, make your case to the EU. You never know. The existing rulings against Microsoft were made because companies complained. The way Apple is going, with a chance of achieving a monopoly in the tablet market, I suspect they'll cross swords with the EU at some point.

However, the issue here is not whether Microsoft should be able to market their own-brand locked down tablet - it's the hypothetical idea that MS could use its leverage with OEMs (i.e. the cost of MS software licenses, and other incentive schemes) to encourage them all to lock out non-MS operating systems. Hypothetical, but a plausible extrapolation from their past practices...

But do not fret, you can still install whatever OS you like on an Apple Mac.

And the IBM PC was largely successful because it was a general purpose and relatively open device... There were plenty of less open but otherwise superior hardware designs around at the time, and yet they largely failed... Apple is the only one that's still around, they nearly died and are still a small player in the market.

While it would be possible for various [Linux] distributions to get their keys added, that wouldn't help anyone who wanted to run a tweaked version of the "approved" bootloader or kernel. Distributors would not be able to release their private keys to allow folks to sign their own binaries either. Each key is just as valid as any other, so malware authors would just pick up those keys to sign their wares. Exposed keys would also find their way onto the forbidden list rather quickly one suspects.

This reminds me of the way keys are used to protect DVDs and we all remember what happened.

Sorry I can't find any references but I remember a few years ago the RIAA said they wanted something like this. They used their usual dishonest wording and said something like "equipment should not allow the installation of any systems that allow the circumvention of DRM".

...to enable or disable this. If you buy a name brand machine, then yes, you might expect it to be locked down, so if that is the case, then the Linux crowd will simply stick to machines they build themselves, or have built for them that are not locked down. Simple solution really.

Stopping dual boot or changing the OS by users would stop the market penetration by Linux. Maybe the knowledgeable Linux crowd might build their own computers but this is beyond the capacity of probably 99% of computer users. Market penetration by a competing OS would be stopped cold which is what MS wants. They want to stop the downward slide of Windows. Yes, Linux has a very small share of the OS market, but what about some new and different OS that is developed in the future. This would stop them from even starting. It's not just about Linux.

I must say you are not getting the way of the future here. There won't be any machines you can build yourself. The best and newest mobos will not support anything but Windows. You've been outmaneuvered - they've been working on this for over ten years.

Just as you can't shut off GPS tracking on your phone, or the mic for that matter, you will not be able to bypass the switch on the mobo. Try to deactivate it, and the encrypted embedded software will prevent the board from booting, period.

And remember this: any encryption on that subsystem will enable Microsoft to invoke the Digital Millennium Copyright Act against anyone who "breaks" the encryption. You might have rights to mod the hardware, but you have *no* right to break the DMCA and decrypt the bootup blocking software. This is a trap sixteen years in the making. Welcome to the future we warned you about.

Ten years ago this might have been a viable threat to Linux. Today, however, Linux is worth too much money to too many people for this to be used to wipe it out. At worst, it will mean that cheap hardware will be locked down.

Microsoft said they're trying to figure out how to allow users to dual-boot. In the //build/ video discussing the new Windows 8 boot process, the presenter said they were trying to figure out how to keep boot secure but still allow users to boot into Windows 7, since Windows 7 doesn't support this.
And if it works for Windows 7, it'll probably work for Linux.

yes they are. it'll go like this; 'ok, we now have Windows 7 booting so how do we stop them from booting Linux'. Have you not read any of the court released emails of how Microsoft operates to keep their market position?

MS wants to take advantage of UEFI, which has obvious benefits. Chromebooks work the same way, but we don't read any heated /. articles about it because Google is charmed and MS is "evil".

It is up to the device manufacturers to figure out a way to let the end-user ultimately take control of their own PCs. They could do that Chromebooks style -- a hardware switch -- or by distributing the key in a secure manner, such as mailing it to the owner's registered home address. Consumers who care about this issue should look for this feature in whatever device they purchase. What's all the fuss?

I fail to see how this new tech will become a problem. The hardware makers want to sell hardware. Given their already thin margins, it would be stupid of them to agree to limit their boards to any one particular OS.

That said, maybe Dell might try that in the name of security, but that is an end-product seller decision. There will always be OTHER makers. You can buy new motherboards from the likes of Intel and Asus, build your own systems.

IF this conspiracy theory did come true, the number of lawsuits and investigations into unfair business practices would drown the targeted company into oblivion. I guess that is one benefit to be such a litigious country now.

I fail to see how this new tech will become a problem. The hardware makers want to sell hardware. Given their already thin margins, it would be stupid of them to agree to limit their boards to any one particular OS.

...of course, those thin margins make any sort of branding/incentive scheme (a better deal on software licenses, a kickback for qualifying for and displaying some sort of "Works with Gizmos" badge...) awfully attractive. Fortunately, our tech firms are ethical and law abiding and would never resort to [wikipedia.org] using such schemes [wikipedia.org] to obtain an anti-competetive advantage.

As a guy in the phone support trenches for a certain OEM, I just have trouble seeing this work well for everyone. I see often enough that businesses will buy a brand new machine with Windows 7 pre-installed, then blow away the OS load to immediately try to install Windows XP.

I have a hard enough time trying to teach these people that they NEED to include the Intel RST driver bundle in their image so that they stop getting STOP: 0x7B on their attempt to install or boot. I have a hard enough time trying to teach these people that they need to make sure their image is aligned on the new Advanced Format hard drives that are going in some of the smaller form factor machines (usually it's a 2.5" drive), since they want to install XP on the damn thing, then complain a week later that the machine is very slow and almost unusable.

I don't speak to customers too often that aren't running some flavor of Windows, but the few I do run into seem happy when they get someone who understands the issue they've got, and will help them despite this OEM's general policy of not assisting with an OS that the OEM did not ship. These calls are usually large corporations that run Red Hat or SUSE or something else in their corporate environment, and prefer to pay for hardware support from the OEM I work for, just so they can have coverage for all of their users in nearly any country they visit.

Keeping that last bit in mind: An OEM that implements a lockout 'feature' that prevents an operating system other than Windows 8 from being installed had better have a backup plan that keeps businesses happy, or else they've just committed suicide. It's business sales, more so than consumer sales that keep OEMs going, because businesses buy big damn contracts. Piss off the big damn contracts, and you piss off your paycheck.

Help me understand... all this does is provide keys and such... does it actually prevent anything from happening? My understanding of the tech is that it simply provides keys that allow the OS to know that it was booted cleanly and from the secure environment and also allows it to tell if the devices it's connecting to are really the devices they say they are and not rogue DLLs. Even if this system is in place, what's to stop Linux (or any other OS) from booting on the device and just ignoring the keys? Does the system itself actually prevent startup?

An unrewritable loader checks the UEFI image, confirms it is unmodified. Starts UEFI. UEFI checks the bootloader, confirms it is unmodified. Starts the bootloader. Bootloader checks the kernel and system files, confirms they are unmodified. Starts the kernel. Kernel boot process confirms an integrity checker is unmodified, which then scans the entire OS to ensure the state of the system and all drivers.

If at any point it fails, it either attempts recovery (overwriting files with a failed

The system is designed such that it is not possible to change the core of the OS, except by patches from the OS vendor. This could be used to pull off other dirty tricks, for example to install DRM that makes it impossible to output music in decent quality, unless the music player identifies itself with a key. One could imagine that this could also interfere with your ability to record your own music, e.g. a birthday song.

This is getting ridiculous. First the game consoles are locked down, then the phones, then the tablets and now they are ready to lock down the PCs too. How long did it take open source (Linux) to make headway? It never would have happened if this was in place.

I say, if this goes down, then a big "open sit-in" at Redmond is in order. It would be great, like an OSS conference/protest all wrapped into one. And it would send a nice message to the rest of industry too!

/.'ers are so ambiguous. uhhh..Windows is so unsecure it's pathetic..ohh man..they are trying to secure my device, who do they think they are?

I don't think "ambiguous" is the word you were looking for.

If you're accusing folks of hypocrisy, you have to be specific about who you're addressing. It's not "Slashdotters", it's not "Linux users" - both are groups so large that they include a wide range of opinions on any given subject. These opinions you cite are held by specific individuals in each group. Subsets of one group may not agree with each other on every issue. If you lump them all together, it looks like hypocrisy, but that's just becaus

It's not just Linux that is blocked, it's also unsigned versions of Windows. Who makes all the generic motherboards we use?...China. Who pirates software more than anyone else?...China

Do you honestly think the Chinese mobo makers are gonna make motherboards that won't run Windows 7 (or pirated Windows 8)? No, Microsoft can't block their import... "No sir, these motherboards are made for running Linux...not pirated Windows!!!" Remember this term: "Substantial non-infringing uses"

Seriously, every time he opens his mouth he sounds like a conspiracy nut but he is so fucking on the ball that almost everything he says eventually comes true. His 1997 article The Right to Read [gnu.org] may have seemed ridiculous fourteen years ago, but reading it now it seems masterfully prophetic:

Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that.

SUEFI can be set to lock out everything but a given set of trusted hashes (which would indeed preclude any updates of the existing OS) or it can verify the signature of something against a set of trusted keys before loading it.

Outside of a few embedded applications, I'd assume that the latter would be the one that sees more general-purpose-computer use. OSes get patched and updated all the time; but so long as the vendor signs the update the way they signed version n-1, everything will just work...
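The two modes described in the comment above, a fixed list of trusted hashes versus signature checks against trusted keys, as an added example that is not part of the thread. The toy RSA keys (built from known Mersenne primes), the image byte strings and all function names are constructed here as assumptions; real firmware uses padded signatures and much larger keys.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Toy RSA key from two primes, returned as (n, d). Unpadded and far
    too small for real use; it only stands in for a real signing key."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def digest(image, n):
    """SHA-256 of the image, reduced into the toy modulus n."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n


def sign(image, key):
    """Signing happens at the key holder, never on the booting machine."""
    n, d = key
    return pow(digest(image, n), d, n)


def hash_policy(image, trusted_hashes):
    """Mode 1: load only images whose hash is on a fixed list."""
    return hashlib.sha256(image).hexdigest() in trusted_hashes


def signature_policy(image, sig, trusted_moduli):
    """Mode 2: load any image whose signature verifies under a trusted key."""
    return any(pow(sig, E, n) == digest(image, n) for n in trusted_moduli)


# Constructed keys and images for the demonstration.
VENDOR = make_key(2**107 - 1, 2**127 - 1)
OWNER = make_key(2**61 - 1, 2**89 - 1)
V1 = b"vendor bootloader build 1"
V2 = b"vendor bootloader build 2 (patched)"
OTHER_OS = b"bootloader for another OS, signed by the machine owner"


def boot_decisions():
    hashes = {hashlib.sha256(V1).hexdigest()}   # firmware shipped knowing only V1
    keys = [VENDOR[0]]                          # firmware shipped with vendor key only
    sig2, other_sig = sign(V2, VENDOR), sign(OTHER_OS, OWNER)
    return {
        "hash_v1": hash_policy(V1, hashes),
        "hash_v2_update": hash_policy(V2, hashes),
        "sig_v2_update": signature_policy(V2, sig2, keys),
        "sig_v2_tampered": signature_policy(V2 + b" + bootkit", sig2, keys),
        "sig_other_os": signature_policy(OTHER_OS, other_sig, keys),
        "sig_other_os_key_enrolled": signature_policy(OTHER_OS, other_sig, keys + [OWNER[0]]),
    }
```

The last two entries are the point argued throughout the thread: the same owner-signed image is refused or loaded depending only on whether the owner's key can be added to the firmware's trusted list.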

Windows 8 logo devices will be required to use the secure boot portion of the new spec.

Totally not Microsoft's fault!

I'm sure Microsoft will encourage handing out these keys. No way they'd try to hinder distribution of these keys. After all, Microsoft are the good guys and would never do anything bad to hinder competition and increase their market share. Nossir, not Microsoft. They are saints!

What they want to achieve isn't to prevent you from running another OS (although making this operation painful or impossible is of course a nice side effect to them). They want to inject the end of a chain of trust inside your own machine, so they can control what software you run, what media files you play and so on. An OS installed inside a VM would be outside the chain of trust, and thus would be unable to run the software they want to protect (most likely "apps" from the forthcoming windows market) and